Public key cryptography can be used for secure messaging between a sender and a receiver. The sender can generate or otherwise obtain a public/private key pair, sign a message using the private key, and send the message to the receiver. Using the public key, the receiver can verify that the message was signed using the private key, but is generally unable to reproduce the private key or generate a new signature. Some signature schemes that use public key cryptography can be designated as one-time use signature schemes, in that the receiver's inability to reproduce the private key or generate a new signature is assured only if sender signs one message with its private key, but not necessarily if the sender signs two or more messages.
As an example, public key cryptography can be used in cryptocurrency transactions. In the case of a cryptocurrency transaction, the sender can obtain an address of the receiver, where the address of the receiver is associated with the receiver's account. The sender can generate a public/private key pair that is associated with the sender's account, sign a message that includes the amount of funds to be transferred and the receiver's address, and send the signed message to the receiver (as well as to others in the cryptocurrency network). The receiver can then verify the account of the sender and verify the available funds of the sender based on a transaction log of the cryptocurrency (e.g., a block chain) to determine whether the sender can enter into the transaction.
However, the sender can exploit a vulnerability in cryptocurrency and other systems based on transaction logs. In particular, the sender can clone the one-time use private key and attempt to engage in a second transaction with the same or a second receiver using the cloned private key. Because of network delays, for example, the receiver(s) might not be aware of both transactions before verifying their respective transactions and/or, in the case of a cryptocurrency transaction, the available funds of the sender may not be up to date.
Accordingly, either the first transaction or the second transaction may exhaust the funds in the sender's account and/or only one transaction may be added to the transaction log. As a result, while the receiver(s) may verify both the transactions, only one transaction may result in a payment.
Therefore, there is a need for systems and methods for detecting and responding to double signing in a one-time use signature scheme.